cvss_rating 0.5.4 → 0.5.5
Sign up to get free protection for your applications and to get access to all the features.
- checksums.yaml +4 -4
- data/lib/cvss_rating/cvss3_metrics.rb +15 -15
- data/lib/cvss_rating/version.rb +1 -1
- data/test/cvss3_rating_test.rb +28 -9
- metadata +3 -4
checksums.yaml
CHANGED
|
@@ -1,7 +1,7 @@
|
|
|
1
1
|
---
|
|
2
2
|
SHA1:
|
|
3
|
-
metadata.gz:
|
|
4
|
-
data.tar.gz:
|
|
3
|
+
metadata.gz: 22b85441ed9dfd750176b5482942257a3fa5e6f5
|
|
4
|
+
data.tar.gz: 4840564e357dd55f6789937a55ae139d40644ab9
|
|
5
5
|
SHA512:
|
|
6
|
-
metadata.gz:
|
|
7
|
-
data.tar.gz:
|
|
6
|
+
metadata.gz: 262b65ba421f8e9bb3f8ad9179715119a6a845d1c976465c42600e0e4585451308505f958f0069dd27821f6713ad7f3e621fdb325873b8628a4c6ddf3ab85e3d
|
|
7
|
+
data.tar.gz: '028f893b2c1e80064cf822c97f02d4905d6f9711b16d95027408018013ca26bff76a4835ded93afefd83fae62d36d9d9d9c6b4cf1b18b5200348b0b28d7194a4'
|
|
@@ -1,16 +1,16 @@
|
|
|
1
1
|
module Cvss3
|
|
2
2
|
class Metrics
|
|
3
3
|
# Base Metrics
|
|
4
|
-
ATTACK_VECTOR = { :physical => 0.2, :local => 0.55, :adjacent_network => 0.62, :network => 0.85
|
|
5
|
-
ATTACK_COMPLEXITY = { :high => 0.44, :low => 0.77
|
|
6
|
-
|
|
7
|
-
PRIVILEGE_REQUIRED = { :
|
|
8
|
-
PRIVILEGE_REQUIRED_CHANGED = { :
|
|
9
|
-
|
|
10
|
-
USER_INTERACTION = {:
|
|
4
|
+
ATTACK_VECTOR = { :physical => 0.2, :local => 0.55, :adjacent_network => 0.62, :network => 0.85 }
|
|
5
|
+
ATTACK_COMPLEXITY = { :high => 0.44, :low => 0.77 }
|
|
6
|
+
|
|
7
|
+
PRIVILEGE_REQUIRED = { :none => 0.85, :low => 0.62, :high => 0.27 }
|
|
8
|
+
PRIVILEGE_REQUIRED_CHANGED = { :none => 0.85, :low => 0.68, :high => 0.50 }
|
|
9
|
+
|
|
10
|
+
USER_INTERACTION = {:none => 0.85, :required => 0.62 }
|
|
11
11
|
|
|
12
12
|
CIA_IMPACT = { :none => 0.0, :low => 0.22, :high => 0.56, :not_defined => 0.56 }
|
|
13
|
-
|
|
13
|
+
|
|
14
14
|
# Environmental Metrics
|
|
15
15
|
CIA_REQUIREMENT = { :low => 0.5, :medium => 1.0, :high => 1.50, :not_defined => 1.0 }
|
|
16
16
|
|
|
@@ -18,9 +18,9 @@ module Cvss3
|
|
|
18
18
|
EXPLOITABILITY = { :unproven => 0.91, :poc => 0.94, :functional => 0.97, :high => 1.0, :not_defined => 1.0 }
|
|
19
19
|
|
|
20
20
|
REMEDIATION_LEVEL = { :official => 0.95, :temporary => 0.96, :workaround => 0.97, :unavailable => 1.0, :not_defined => 1.0 }
|
|
21
|
-
|
|
21
|
+
|
|
22
22
|
REPORT_CONFIDENCE = { :unknown => 0.92, :reasonable => 0.96, :confirmed => 1.0, :not_defined => 1.0 }
|
|
23
|
-
|
|
23
|
+
|
|
24
24
|
# Key Lookup values
|
|
25
25
|
|
|
26
26
|
ATTACK_VECTOR_KEY = { :physical => 'P', :local => 'L', :adjacent_network => 'A', :network => 'N' }
|
|
@@ -30,11 +30,11 @@ module Cvss3
|
|
|
30
30
|
USER_INTERACTION_KEY = { :none => 'N', :required => 'R' }
|
|
31
31
|
|
|
32
32
|
SCOPE_KEY = { :changed => 'C', :unchanged => 'U' }
|
|
33
|
-
|
|
33
|
+
|
|
34
34
|
CIA_IMPACT_KEY = { :none => 'N', :low => 'L', :high => 'H' }
|
|
35
|
-
|
|
35
|
+
|
|
36
36
|
CIA_REQUIREMENT_KEY = { :low => 'L', :medium => 'M', :high => 'H', :not_defined => 'X' }
|
|
37
|
-
|
|
37
|
+
|
|
38
38
|
EXPLOITABILITY_KEY = { :unproven => 'U', :poc => 'P', :functional => 'F', :high => 'H', :not_defined => 'X' }
|
|
39
39
|
REMEDIATION_LEVEL_KEY = { :official => 'O', :temporary => "T", :workaround => 'W', :unavailable => 'U', :not_defined => 'X' }
|
|
40
40
|
REPORT_CONFIDENCE_KEY = { :unknown => 'U', :reasonable => 'R', :confirmed => 'C', :not_defined => 'X' }
|
|
@@ -46,7 +46,7 @@ module Cvss3
|
|
|
46
46
|
MODIFIED_USER_INTERACTION_KEY = { :none => 'N', :required => 'R', :not_defined => 'X' }
|
|
47
47
|
|
|
48
48
|
MODIFIED_SCOPE_KEY = { :changed => 'C', :unchanged => 'U', :not_defined => 'X' }
|
|
49
|
-
|
|
49
|
+
|
|
50
50
|
MODIFIED_CIA_IMPACT_KEY = { :none => 'N', :low => 'L', :high => 'H', :not_defined => 'X' }
|
|
51
51
|
end
|
|
52
|
-
end
|
|
52
|
+
end
|
data/lib/cvss_rating/version.rb
CHANGED
data/test/cvss3_rating_test.rb
CHANGED
|
@@ -100,13 +100,13 @@ class Cvss3RatingTest < MiniTest::Test
|
|
|
100
100
|
assert_equal "None", cvss.risk_score(0.0)
|
|
101
101
|
|
|
102
102
|
assert_equal "Low", cvss.risk_score(2.0)
|
|
103
|
-
|
|
103
|
+
|
|
104
104
|
assert_equal "Medium", cvss.risk_score(5.1)
|
|
105
|
-
|
|
105
|
+
|
|
106
106
|
assert_equal "High", cvss.risk_score(7.1)
|
|
107
|
-
|
|
107
|
+
|
|
108
108
|
assert_equal "Critical", cvss.risk_score(10.0)
|
|
109
|
-
|
|
109
|
+
|
|
110
110
|
assert_equal nil, cvss.risk_score(11.0)
|
|
111
111
|
end
|
|
112
112
|
|
|
@@ -147,7 +147,7 @@ class Cvss3RatingTest < MiniTest::Test
|
|
|
147
147
|
cvss.parse("AV:P/AC:H/PR:H/UI:R/S:C/C:H/I:L/A:N/E:U/RL:O/RC:U/CR:L/IR:L/AR:L")
|
|
148
148
|
|
|
149
149
|
cvss.cvss_base_score
|
|
150
|
-
|
|
150
|
+
|
|
151
151
|
score = cvss.cvss_temporal_score
|
|
152
152
|
|
|
153
153
|
assert_equal 4.3, score[0]
|
|
@@ -171,7 +171,7 @@ class Cvss3RatingTest < MiniTest::Test
|
|
|
171
171
|
cvss.parse("AV:P/AC:H/PR:H/UI:R/S:C/C:H/I:L/A:N/E:U/RL:O/RC:U/CR:L/IR:L/AR:L")
|
|
172
172
|
|
|
173
173
|
cvss.cvss_base_score
|
|
174
|
-
|
|
174
|
+
|
|
175
175
|
score = cvss.cvss_environmental_score
|
|
176
176
|
|
|
177
177
|
assert_equal 2.4, score[0]
|
|
@@ -182,7 +182,7 @@ class Cvss3RatingTest < MiniTest::Test
|
|
|
182
182
|
cvss.parse("AV:P/AC:H/PR:H/UI:R/S:C/C:H/I:L/A:N/E:U/RL:O/RC:U/IR:L/AR:L/MAV:A/MPR:N")
|
|
183
183
|
|
|
184
184
|
cvss.cvss_base_score
|
|
185
|
-
|
|
185
|
+
|
|
186
186
|
score = cvss.cvss_environmental_score
|
|
187
187
|
|
|
188
188
|
assert_equal 4.8, score[0]
|
|
@@ -193,7 +193,7 @@ class Cvss3RatingTest < MiniTest::Test
|
|
|
193
193
|
cvss.parse("CVSS:3.0/AV:P/AC:H/PR:H/UI:R/S:C/C:H/I:L/A:N/E:U/RL:O/RC:U/MAV:N/MS:U")
|
|
194
194
|
|
|
195
195
|
cvss.cvss_base_score
|
|
196
|
-
|
|
196
|
+
|
|
197
197
|
score = cvss.cvss_environmental_score
|
|
198
198
|
|
|
199
199
|
assert_equal 3.9, score[0]
|
|
@@ -201,6 +201,25 @@ class Cvss3RatingTest < MiniTest::Test
|
|
|
201
201
|
assert_equal "Low", score[1]
|
|
202
202
|
end
|
|
203
203
|
|
|
204
|
+
def test_parsing
|
|
205
|
+
cvss = Cvss3::Rating.new
|
|
206
|
+
cvss.parse('CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:C/C:H/I:N/A:N/E:U')
|
|
207
|
+
|
|
208
|
+
score = cvss.cvss_base_score
|
|
209
|
+
|
|
210
|
+
assert_equal 7.7, score[0]
|
|
211
|
+
|
|
212
|
+
assert_equal "High", score[1]
|
|
213
|
+
|
|
214
|
+
assert_equal "U", cvss.ex
|
|
215
|
+
|
|
216
|
+
assert_equal "N", cvss.ui
|
|
217
|
+
|
|
218
|
+
assert_equal "U", cvss.rl
|
|
219
|
+
|
|
220
|
+
end
|
|
221
|
+
|
|
222
|
+
|
|
204
223
|
def test_all_scores
|
|
205
224
|
cvss = Cvss3::Rating.new
|
|
206
225
|
cvss.parse("AV:P/AC:H/PR:H/UI:R/S:U/C:N/I:N/A:N/E:X/RL:X/RC:X")
|
|
@@ -232,4 +251,4 @@ class Cvss3RatingTest < MiniTest::Test
|
|
|
232
251
|
assert_equal 7.4, score[0]
|
|
233
252
|
end
|
|
234
253
|
|
|
235
|
-
end
|
|
254
|
+
end
|
metadata
CHANGED
|
@@ -1,14 +1,14 @@
|
|
|
1
1
|
--- !ruby/object:Gem::Specification
|
|
2
2
|
name: cvss_rating
|
|
3
3
|
version: !ruby/object:Gem::Version
|
|
4
|
-
version: 0.5.
|
|
4
|
+
version: 0.5.5
|
|
5
5
|
platform: ruby
|
|
6
6
|
authors:
|
|
7
7
|
- Stephen Kapp
|
|
8
8
|
autorequire:
|
|
9
9
|
bindir: bin
|
|
10
10
|
cert_chain: []
|
|
11
|
-
date:
|
|
11
|
+
date: 2017-11-13 00:00:00.000000000 Z
|
|
12
12
|
dependencies:
|
|
13
13
|
- !ruby/object:Gem::Dependency
|
|
14
14
|
name: bundler
|
|
@@ -109,11 +109,10 @@ required_rubygems_version: !ruby/object:Gem::Requirement
|
|
|
109
109
|
version: '0'
|
|
110
110
|
requirements: []
|
|
111
111
|
rubyforge_project:
|
|
112
|
-
rubygems_version: 2.
|
|
112
|
+
rubygems_version: 2.6.14
|
|
113
113
|
signing_key:
|
|
114
114
|
specification_version: 4
|
|
115
115
|
summary: CVSS Risk Rating Calculation and Vector parsing
|
|
116
116
|
test_files:
|
|
117
117
|
- test/cvss2_rating_test.rb
|
|
118
118
|
- test/cvss3_rating_test.rb
|
|
119
|
-
has_rdoc:
|